3

I need to transfer users and their passwords from a python 2 system to a python 3 system.

The PW hash looks like this:

PBKDF2$sha256$10000$KlCW+ewerd19fS9f$l+5LgvcWTzghtz77086MSVG+q5z2Lij

In the python 2 system I used these functions to check hashes:

def check_hash(password, hash_):
    """Check a password against an existing hash."""
    if isinstance(password, unicode):
        password = password.encode('utf-8')
    algorithm, hash_function, cost_factor, salt, hash_a = hash_.split('$')
    assert algorithm == 'PBKDF2'
    hash_a = b64decode(hash_a)
    hash_b = pbkdf2_bin(password, salt, int(cost_factor), len(hash_a),
                        getattr(hashlib, hash_function))
    assert len(hash_a) == len(hash_b)  # we requested this from pbkdf2_bin()
    # Same as "return hash_a == hash_b" but takes a constant time.
    # See http://carlos.bueno.org/2011/10/timing.html
    diff = 0
    for char_a, char_b in izip(hash_a, hash_b):
        diff |= ord(char_a) ^ ord(char_b)
    return diff == 0

and this:

_pack_int = Struct('>I').pack

def pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None):
    """Returns a binary digest for the PBKDF2 hash algorithm of `data`
    with the given `salt`.  It iterates `iterations` time and produces a
    key of `keylen` bytes.  By default SHA-1 is used as hash function,
    a different hashlib `hashfunc` can be provided.
    """
    hashfunc = hashfunc or hashlib.sha1
    mac = hmac.new(data, None, hashfunc)
    def _pseudorandom(x, mac=mac):
        h = mac.copy()
        h.update(x)
        return map(ord, h.digest())
    buf = []
    for block in xrange(1, -(-keylen // mac.digest_size) + 1):
        rv = u = _pseudorandom(salt + _pack_int(block))
        for i in xrange(iterations - 1):
            u = _pseudorandom(''.join(map(chr, u)))
            rv = starmap(xor, izip(rv, u))
        buf.extend(rv)
    return ''.join(map(chr, buf))[:keylen]

What have I done so far:

Right after copying the code into my python 3 scripts I had to change some variables:

izip -> zip

I kept unicode: from past.builtins import unicode

I kept xrange: from past.builtins import xrange

Now I had no script errors, but after executing the script I got an error here (in the pbkdf2_bin function):

rv = u = _pseudorandom(salt + _pack_int(block))
TypeError: must be str, not bytes

So I fixed it by converting bytes to str:

rv = u = _pseudorandom(salt + _pack_int(block).decode('utf-8'))

Now the next error appears (in the pbkdf2_bin function):

h.update(x)
TypeError: Unicode-objects must be encoded before hashing

I also fixed this with the proper encoding:

h.update(x.encode('utf-8'))

Next error:

  File "C:\Users\User\Eclipse-Workspace\Monteurzimmer-Remastered\hash_passwords.py", line 123, in check_hash
    getattr(hashlib, hash_function))
  File "C:\Users\User\Eclipse-Workspace\Monteurzimmer-Remastered\pbkdf2.py", line 125, in pbkdf2_bin_old_2
    u = _pseudorandom(''.join(map(chr, u)))
TypeError: ord() expected string of length 1, but int found

There was an issue with the return value of _pseudorandom (in the pbkdf2_bin function). It had to be converted, so I fixed it:

Maybe the issue is here

#return map(ord, h.digest()) # throws the error
#return map(int, h.digest()) # returns nothing (length 0)
#return list(map(ord, h.digest())) # throws the error
return list(map(int, h.digest())) # seems to work with the correct length

The last error is at the end of the check_hash function:

File "C:\Users\User\Eclipse-Workspace\Monteurzimmer-Remastered\hash_passwords.py", line 129, in check_hash
    diff |= ord(char_a) ^ ord(char_b)
TypeError: ord() expected string of length 1, but int found

for char_a, char_b in zip(hash_a, hash_b):
    diff |= ord(char_a) ^ ord(char_b)

char_a is an integer and chat_b is not. I was able to fix this by converting char_a to the real char:

for char_a, char_b in zip(hash_a, hash_b):
    diff |= ord(chr(char_a)) ^ ord(char_b)

Finally I had no errors, but it tells me the entered password is wrong, so somewhere is an error, because I know that the password is correct and it works on the python 2 app.

EDIT

Someone mentioned the 2to3 library, so I tried it. All in all it has done the same things, which I have done already and the problem is the same.

EDIT for bounty

To sum it up. The 2 functions which I posted above come from python 2 and work in python 2.

This hash:

PBKDF2$sha256$10000$r+Gy8ewTkE7Qv0V7$uqmgaPgpaT1RSvFPMcGb6cGaFAhjyxE9

is this password: Xs12'io!12

I can correctly login with this password on my python 2 app.

Now I want to use the same two functions in python 3, but eventhough I worked through all errors, it tells me the password is wrong.

The imports:

import hmac
import hashlib
from struct import Struct
from operator import xor
from itertools import izip, starmap

from base64 import b64encode, b64decode
import hashlib
from itertools import izip
from os import urandom
import random
import string

These imports are used in the python 2 script.

Improve this question
9
  • I would just try h.update(x) => h.update(x.encode("utf-8")) Commented Jan 18, 2019 at 10:16
  • I am doing this already, you missed it, while reading the question. I know its long. Thanks for the reply! Commented Jan 18, 2019 at 10:26
  • Aside, but out of curiosity: if you want to convert the code to Python 3, why keep unicode and xrange, instead of replacing them with their Python 3 equivalents? Commented Jan 18, 2019 at 15:48
  • You should do some proper debugging: litter some print statements/functions in both codes, then compare all intermediate values (it may compare str and bytes, but the contents should be the same). That may show you where the scripts go wrong. Commented Jan 18, 2019 at 15:57
  • I have done all this already, I didnt wanted to post all prints and tests as it would be a lot more code and would look messy. I hoped that someone would immediately recognize the issue, but as it seems, its a very hard issue. Thanks for the reply! Commented Jan 18, 2019 at 18:18

1 Answer 1

Reset to default
1
+50

I think I got it working. I found the original code on github which helped me create a test case. After looking at the issues I followed the solution you came up with and I decoded the bytes to iso-8859-1 instead of utf-8 and it worked.

from struct import Struct
from base64 import b64decode
import hashlib
import hmac
from operator import xor
from itertools import starmap


_pack_int = Struct('>I').pack


def check_hash(password, hash_):
    """Check a password against an existing hash."""
    if isinstance(password, str):
        password = password.encode('utf-8')
    algorithm, hash_function, cost_factor, salt, hash_a = hash_.split('$')
    assert algorithm == 'PBKDF2'
    hash_a = b64decode(hash_a).decode('iso-8859-1')
    hash_b = pbkdf2_bin(password, salt, int(cost_factor), len(hash_a),
                        getattr(hashlib, hash_function))
    assert len(hash_a) == len(hash_b)  # we requested this from pbkdf2_bin()
    # Same as "return hash_a == hash_b" but takes a constant time.
    # See http://carlos.bueno.org/2011/10/timing.html
    diff = 0
    for char_a, char_b in zip(hash_a, hash_b):
        diff |= ord(char_a) ^ ord(char_b)
    return diff == 0


def pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None):
    """Returns a binary digest for the PBKDF2 hash algorithm of `data`
    with the given `salt`.  It iterates `iterations` time and produces a
    key of `keylen` bytes.  By default SHA-1 is used as hash function,
    a different hashlib `hashfunc` can be provided.
    """
    hashfunc = hashfunc or hashlib.sha1
    mac = hmac.new(data, None, hashfunc)
    def _pseudorandom(x, mac=mac):
        h = mac.copy()
        h.update(x)
        return list(map(ord, h.digest().decode('iso-8859-1')))
    buf = []
    for block in range(1, -(-keylen // mac.digest_size) + 1):
        myx = salt.encode('utf-8') + _pack_int(block)
        rv = u = _pseudorandom(myx)
        for i in range(iterations - 1):
            u = _pseudorandom(''.join(map(chr, u)).encode('iso-8859-1'))
            rv = starmap(xor, zip(rv, u))
        buf.extend(rv)
    return ''.join(map(chr, buf))[:keylen]


if __name__ == "__main__":
    print(check_hash('Xs12\'io!12', 'PBKDF2$sha256$10000$r+Gy8ewTkE7Qv0V7$uqmgaPgpaT1RSvFPMcGb6cGaFAhjyxE9'))

Instead of continuing to finegale this script and maintain it, I'd suggest looking at python3 implementations of this same function.

References

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thank you a lot, I made a very stupid mistake. The first time I was working with this code (some years ago), god knows why, I added a script comment to modify the coding and it was iso-8859-1, but in the script I used utf-8, I had overwritten the decoding only there. At the time this was my first web project and now I simply overlooked that there was this line. Thank you very much for solving the issue. I am sorry you had to look for the complete version everywhere, you should have asked me. But you helped me A LOT.
Bounty can will be awarded in 21 hours.
No problem. I learned a bit on encodings and the limitations of the 2to3 package. I'm glad I could help.
Note: Python 3 already implements PBKDF2 hmac hashing, there is no need to re-implement this.
hashlib.pbkdf2_hmac(hash_function, password.encode('ascii'), salt.encode('ascii'), int(cost_factor))[:len(hash_a)] can replace pbkdf2_bin().

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.